PT-2025-27958 · Linux+6 · Linux Kernel+6

Published

2025-06-16

·

Updated

2026-05-22

·

CVE-2025-38183

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A potential out-of-bounds write issue has been identified in the Linux kernel, specifically in the lan743x ptp io event clock get() function. The issue arises when the channel value is used as an index to write to ptp->extts[], which has only LAN743X PTP N EXTTS(4) elements. To prevent this, the value of LAN743X PTP N EXTTS should be set to 8, allowing all supported GPIO inputs to be utilized. This issue was detected using the static analysis tool Svace.
Recommendations: To resolve this issue, set LAN743X PTP N EXTTS to 8 in the lan743x ptp io event clock get() function to prevent out-of-bounds writes and utilize all supported GPIO inputs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

CWE-787

Related Identifiers

AZL-64725
BDU:2025-09665
CVE-2025-38183
DLA-4328-1
DSA-5973-1
ECHO-7309-9DB9-4B18
MGASA-2025-0218
MGASA-2025-0219
OESA-2026-2417
OESA-2026-2418
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7833-1
USN-7833-2
USN-7833-3
USN-7833-4
USN-7834-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu